Vulnerability

    smbval

Affected

    smbval library

Description

    Patrick  Michael  Kane  found  following.   While  working  on his
    Authen::Smb  wrapper,  which  provides  SMB authentication to UNIX
    hosts via  perl, Patrick  discovered that  the library  that it is
    based  on,  smbvalid.a  (originally  written  by  Richard  Sharpe,
    patched by many folks through  time -- available from a  number of
    places  via  http/ftp),  has   a  number  of  exploitable   buffer
    overflows.  The  username and password  arrays, among others,  are
    vulnerable  to  overflow.   Remotely  accessible applications that
    rely on the smbvalid library for authentication may be  vulnerable
    to   remote   attack.    At   this   time,   Apache::AuthenSmb,  a
    mod_perl-based  authentication  module  for  Apache,  is  the only
    formal  application  I  am  aware  of  that is vulnerable.  Custom
    developed   applications   should   be   examined   for   possible
    vulnerabilities.

    pam_smb, which is also built around smbvalid, does _not_ apper  to
    be vulnerable to attacks.

Solution

    Authen::Smb 0.9 has been released which addresses this problem and
    is available via  CPAN.  No  patches are available  to correct the
    problem in the library itself at this time.